Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.04.2019
Ran by BAQANZ (27-04-2019 10:07:12)
Running from C:\Users\DELL\Downloads
Windows 10 Home Version 1809 17763.437 (X64) (2019-04-09 18:54:17)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-3511704432-3804236698-2093085827-500 - Administrator - Disabled)
BAQANZ (S-1-5-21-3511704432-3804236698-2093085827-1001 - Administrator - Enabled) => C:\Users\DELL
DefaultAccount (S-1-5-21-3511704432-3804236698-2093085827-503 - Limited - Disabled)
Invitado (S-1-5-21-3511704432-3804236698-2093085827-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3511704432-3804236698-2093085827-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.1.435 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe) Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.171 - Adobe) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Apple Application Support (32 bits) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.) Apple Application Support (64 bits) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) Ares (HKLM-x32\...\Ares) (Version: 2.5.2-Build#3078 - AresGalaxy) Backup and Sync from Google (HKLM\...\{F9EEDE46-6409-4ECC-8AB6-7062464987A4}) (Version: 3.43.4275.9540 - Google, Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.56 - Piriform) Compresor WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - ) CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.10521 - CyberLink Corp.) CyberLink Power2Go 11 (HKLM-x32\...\{7A3F32E0-D8E1-40C1-8E1B-1F5693F2ADE0}) (Version: 11.0.1522.0 - CyberLink Corp.) CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.8205.0 - CyberLink Corp.) Dell System Detect (HKU\S-1-5-21-3511704432-3804236698-2093085827-1001\...\d24084d039586cae) (Version: 8.5.0.4 - Dell) Estudio para la mejora del producto HP DeskJet 3630 series (HKLM\...\{2BE0764D-0556-4E60-B38C-143C11CA15C5}) (Version: 40.11.1107.1739 - HP Inc.) 
Facebook Gameroom 1.21.6907.27509 (HKLM-x32\...\{E34773A0-158F-4322-8849-2C13BBCD6C68}) (Version: 1.21.6907.27509 - Facebook) Gestor de cámara con sensor de profundidad Intel® RealSense™ F200 (HKLM-x32\...\ARP_for_prd_dcm_runtime_1.4.27.52404) (Version: 1.4.27.52404 - Intel Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.) Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google) Google Photos Backup (HKU\S-1-5-21-3511704432-3804236698-2093085827-1001\...\Google Photos Backup) (Version: 1.1.4.11 - Google, Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden HP DeskJet 3630 series Ayuda (HKLM-x32\...\{B53FAA7E-9898-42BE-8C80-A9CA84298CAB}) (Version: 35.0.0 - Hewlett Packard) HP DeskJet 3630 series Software básico del dispositivo (HKLM\...\{77BA79F8-8C81-4614-B1D7-E759E86AC070}) (Version: 40.11.1107.1739 - HP Inc.) HP Dropbox Plugin (HKLM-x32\...\{7BEBB31E-58C4-4FA5-9AD1-ACBE32BF0D12}) (Version: 36.0.41.58587 - HP) HP Google Drive Plugin (HKLM-x32\...\{63BD9C12-5CE9-4294-B1C3-A09F971FAFB5}) (Version: 36.0.41.58587 - HP) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) iCloud (HKLM\...\{03742818-3BC2-45BA-B6BB-4C2D453FD033}) (Version: 7.11.0.19 - Apple Inc.) 
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4590 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation) Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{BC9BA4BE-DA5C-488C-97ED-0BE86C2E69B4}) (Version: 17.1.1524.1353 - Intel Corporation) Intel® RealSense™ Depth Camera Manager Beta (x86): dptf_com (HKLM-x32\...\{C982EA5E-7331-11E5-ABE7-2C44FD873B55}) (Version: 2.2.0.52404 - Intel Corporation) Hidden Intel® RealSense™ Depth Camera Manager F200 Gold (x86): Intel® RealSense™ 3D camera IO module (HKLM-x32\...\{6C1D3280-7332-11E5-AD4E-2C44FD873B55}) (Version: 1.4.27.52404 - Intel Corporation) Hidden Intel® RealSense™ Depth Camera Manager F200 Gold (x86): Intel® RealSense™ Depth Camera Manager Service (HKLM-x32\...\{6C1D3280-7332-11E5-B485-2C44FD873B55}) (Version: 1.4.27.52404 - Intel Corporation) Hidden KMSpico v9.3.2 (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: 9.3.2 - ) Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes) Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.9060.3 - Waves Audio Ltd.) 
Hidden MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3511704432-3804236698-2093085827-1001\...\OneDriveSetup.exe) (Version: 19.043.0304.0007 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 
10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2017 (HKLM-x32\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.10.30640.0 - Microsoft Corporation) Mozilla Firefox 66.0.3 (x64 es-ES) (HKLM\...\Mozilla Firefox 66.0.3 (x64 es-ES)) (Version: 66.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 
- Mozilla) Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation) PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.17.009 - Dell Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.) Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.8.311.2016 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.) Software para dispositivos de chipset Intel® (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden TC2000 v17 (HKLM-x32\...\{A6A526E4-A376-4772-897D-508FB2473C91}) (Version: 1.0.0 - Worden Brothers, Inc.) Hidden TC2000 v17 (HKU\S-1-5-21-3511704432-3804236698-2093085827-1001\...\TC2000 v17 1.0.0) (Version: 1.0.0 - Worden Brothers, Inc.) 
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.26558 - TeamViewer) thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation) vs_filehandler_amd64 (HKLM-x32\...\{15D591B0-7B40-4957-B6C0-EB7452B5AAB6}) (Version: 15.0.26228 - Microsoft Corporation) Hidden vs_filehandler_x86 (HKLM-x32\...\{DC296244-0701-4EDE-9696-05B9C1D017B3}) (Version: 15.0.26228 - Microsoft Corporation) Hidden vs_FileTracker_Singleton (HKLM-x32\...\{11230C85-1813-4BC3-9C24-E0B74B59653E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden vs_minshellmsi (HKLM-x32\...\{497A5ACE-DA03-4412-A110-910B2C450720}) (Version: 15.0.26424 - Microsoft Corporation) Hidden Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-3511704432-3804236698-2093085827-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-592409231C72} -> [Creative Cloud Files] => C:\Users\DELL\Creative Cloud Files [2017-06-21 17:02] CustomCLSID: HKU\S-1-5-21-3511704432-3804236698-2093085827-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\DELL\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3511704432-3804236698-2093085827-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\DELL\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll (Google Inc -> Google LLC) CustomCLSID: HKU\S-1-5-21-3511704432-3804236698-2093085827-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\DELL\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3511704432-3804236698-2093085827-1001_Classes\CLSID\{9995E057-03E8-4264-89A2-567E1AF65DC3} -> [MEGA] => C:\Users\DELL\Documents\MEGA [2017-06-22 10:42] CustomCLSID: HKU\S-1-5-21-3511704432-3804236698-2093085827-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\DELL\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3511704432-3804236698-2093085827-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems) CustomCLSID: HKU\S-1-5-21-3511704432-3804236698-2093085827-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\DELL\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll (Google Inc -> Google LLC) CustomCLSID: HKU\S-1-5-21-3511704432-3804236698-2093085827-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\DELL\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File ShellExecuteHooks: Groove GFS Stub Execution Hook - 
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation) ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program 
Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC -> Google) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> ) ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> ) ContextMenuHandlers1: [CLVDShellExt11] -> {0A968D6C-1B49-4200-94C3-CDDDD6E40454} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt11.dll [2017-03-23] (CyberLink Corp. -> Cyberlink) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-04-09] (Google LLC -> Google) ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> ) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-03-13] (Apple Inc. -> Apple Inc.) 
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [CLVDShellExt11] -> {0A968D6C-1B49-4200-94C3-CDDDD6E40454} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt11.dll [2017-03-23] (CyberLink Corp. -> Cyberlink) ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> ) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> ) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-04-09] (Google LLC -> Google) ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> ) ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxDTCM.dll [2018-03-22] (Microsoft Windows 
Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> ) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2017-06-22 09:32 - 2017-06-22 09:32 - 000026112 _____ () [File not signed] C:\Windows\KMS-R@1n.exe 2015-06-23 10:06 - 2015-06-23 10:06 - 000105984 _____ (Compal Inc.) 
[File not signed] C:\Program Files\Dell\QuickSet\QSWMIMngr.dll 2019-04-02 11:12 - 2019-04-02 11:12 - 003540480 _____ (AresGalaxy) [File not signed] C:\Program Files (x86)\Ares\Ares.exe 2019-04-27 08:59 - 2019-04-27 08:59 - 003042304 _____ (Python Software Foundation) [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\python27.dll 2019-04-27 08:59 - 2019-04-27 08:59 - 000113664 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\_ctypes.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000080896 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\bz2.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 001792512 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\_hashlib.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000128512 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\win32api.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000137728 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\pywintypes27.dll 2019-04-27 08:59 - 2019-04-27 08:59 - 000548864 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\pythoncom27.dll 2019-04-27 08:59 - 2019-04-27 08:59 - 000689664 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\unicodedata.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000438784 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\win32com.shell.shell.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 001489408 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\wx._core_.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\wxbase30u_net_vc90_x64.dll 2019-04-27 08:59 - 2019-04-27 08:59 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\wxmsw30u_adv_vc90_x64.dll 2019-04-27 08:59 - 2019-04-27 08:59 - 006542336 _____ (wxWidgets development team) [File not signed] 
C:\Users\DELL\AppData\Local\Temp\_MEI90122\wxmsw30u_core_vc90_x64.dll 2019-04-27 08:59 - 2019-04-27 08:59 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\wxbase30u_vc90_x64.dll 2019-04-27 08:59 - 2019-04-27 08:59 - 001007104 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\wx._gdi_.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 001039872 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\wx._windows_.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\wxmsw30u_html_vc90_x64.dll 2019-04-27 08:59 - 2019-04-27 08:59 - 001325056 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\wx._controls_.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000916992 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\wx._misc_.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 001084416 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\pysqlite2._sqlite.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000149504 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\win32file.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000136192 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\win32security.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000007680 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\hashobjs_ext.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000020992 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\thumbnails_ext.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000118784 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\usb_ext.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000047616 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\_socket.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 002224640 _____ () [File not signed] 
C:\Users\DELL\AppData\Local\Temp\_MEI90122\_ssl.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000014848 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\common.time34.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000023040 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\win32event.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000034304 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\windows.conditional.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000020480 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\windows.winwrap.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000110080 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\windows.volumes.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000223232 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\win32gui.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000173568 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\_elementtree.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000169472 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\pyexpat.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000048128 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\win32inet.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000103424 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\wx._html2.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\wxmsw30u_webview_vc90_x64.dll 2019-04-27 08:59 - 2019-04-27 08:59 - 000046080 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\_psutil_windows.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000011776 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\win32crypt.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000301568 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\PIL._imaging.pyd 2019-04-27 08:59 - 
2019-04-27 08:59 - 000032256 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\_multiprocessing.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 005752320 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\cello.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000026112 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\_yappi.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000044032 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\win32process.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000027648 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\win32pipe.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000010752 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\select.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000029696 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\win32pdh.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000038400 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\windows.connectivity.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000073216 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\windows.device_monitor.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000020480 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\win32profile.pyd 2019-04-27 08:59 - 2019-04-27 08:59 - 000026624 _____ () [File not signed] C:\Users\DELL\AppData\Local\Temp\_MEI90122\win32ts.pyd 2017-06-22 09:32 - 2017-06-22 09:32 - 000005120 _____ () [File not signed] C:\WINDOWS\KMS-R@1nHook.exe 2019-04-26 11:59 - 2019-03-13 09:22 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll 2019-04-26 11:59 - 2019-03-13 09:22 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll 2019-04-26 11:59 - 2019-03-13 09:22 - 004571648 _____ (The Qt Company Ltd.) 
[File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll 2019-04-26 11:59 - 2019-03-13 09:22 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll 2019-04-26 11:59 - 2019-03-13 09:22 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll 2019-04-26 11:59 - 2019-03-13 09:22 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll 2019-04-26 11:59 - 2019-03-13 09:22 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll 2019-04-26 11:59 - 2019-03-13 09:22 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll 2019-04-26 11:59 - 2019-03-13 09:22 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll 2019-04-26 11:59 - 2019-03-13 09:22 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll 2019-04-26 11:59 - 2019-03-13 09:22 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll 2019-04-26 11:59 - 2019-03-13 09:22 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll 2019-04-26 11:59 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll 2019-04-26 11:59 - 2019-03-13 09:22 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll 2019-04-26 11:59 - 2019-03-13 09:22 - 000073216 _____ (The Qt Company Ltd.) 
[File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll 2019-04-26 11:59 - 2019-03-13 09:22 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll 2019-04-26 11:59 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll 2019-04-26 11:59 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll 2019-04-26 11:59 - 2019-03-13 09:22 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll 2019-04-26 11:59 - 2019-03-13 09:22 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll 2017-10-05 22:16 - 2017-10-05 22:16 - 027716608 ____R (Skype Technologies S.A.) 
[File not signed] C:\Program Files (x86)\Skype\Phone\SkypeSkylib.dll 2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () [File not signed] C:\Program Files (x86)\Skype\Phone\skypert.dll 2017-10-05 22:03 - 2017-10-05 22:03 - 000654848 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\RtmPal.dll 2017-10-05 22:05 - 2017-10-05 22:05 - 002969600 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\RtmCodecs.dll 2017-10-05 22:08 - 2017-10-05 22:08 - 000941056 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\RtmMediaManager.dll 2017-10-05 22:04 - 2017-10-05 22:04 - 000089088 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll 2017-10-05 22:07 - 2017-10-05 22:07 - 010914816 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\RtmPltfm.dll 2018-11-29 15:19 - 2018-11-29 15:19 - 001184256 _____ () [File not signed] C:\Users\DELL\AppData\Local\Facebook\Games\CefSharp.Core.dll 2018-11-29 15:19 - 2018-11-29 15:19 - 071641088 _____ () [File not signed] C:\Users\DELL\AppData\Local\Facebook\Games\libcef.dll 2018-11-29 15:19 - 2018-11-29 15:19 - 000433664 _____ (The Chromium Authors) [File not signed] C:\Users\DELL\AppData\Local\Facebook\Games\chrome_elf.dll 2018-01-19 08:57 - 2018-01-19 08:57 - 006306816 _____ (FFmpeg Project) [File not signed] C:\ProgramData\MEGAsync\avformat-57.dll 2018-01-19 08:57 - 2018-01-19 08:57 - 023927296 _____ (FFmpeg Project) [File not signed] C:\ProgramData\MEGAsync\avcodec-57.dll 2018-01-19 08:57 - 2018-01-19 08:57 - 000599552 _____ (FFmpeg Project) [File not signed] C:\ProgramData\MEGAsync\avutil-55.dll 2016-07-11 12:23 - 2018-05-03 10:29 - 000275456 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\ProgramData\MEGAsync\libcurl.dll 2016-06-27 10:33 - 2017-11-17 08:28 - 000061952 _____ (The c-ares library, hxxps://c-ares.haxx.se/) [File not signed] 
C:\ProgramData\MEGAsync\cares.dll 2016-10-01 06:44 - 2019-01-22 07:54 - 000337920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\MEGAsync\SSLEAY32.dll 2018-01-19 08:57 - 2018-01-19 08:57 - 000513024 _____ (FFmpeg Project) [File not signed] C:\ProgramData\MEGAsync\swscale-4.dll 2016-04-13 03:38 - 2017-11-17 08:29 - 000798208 _____ () [File not signed] C:\ProgramData\MEGAsync\libsodium.dll 2016-09-25 02:04 - 2017-11-17 08:29 - 000851968 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\Qt5Network.dll 2016-10-01 06:44 - 2019-01-22 07:54 - 001374208 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\MEGAsync\LIBEAY32.dll 2016-09-25 02:07 - 2017-11-17 08:29 - 005016576 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\Qt5Gui.dll 2016-10-19 03:26 - 2017-11-17 08:29 - 004641792 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\Qt5Core.dll 2016-09-25 02:12 - 2017-11-17 08:29 - 004433920 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\Qt5Widgets.dll 2018-01-19 08:57 - 2018-01-19 08:57 - 000287232 _____ (FFmpeg Project) [File not signed] C:\ProgramData\MEGAsync\swresample-2.dll 2016-09-25 02:15 - 2017-11-17 08:29 - 001010688 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\platforms\qwindows.dll 2016-09-25 02:14 - 2017-11-17 08:28 - 000026112 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qgif.dll 2016-09-25 04:36 - 2017-11-17 08:28 - 000033280 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qicns.dll 2016-09-25 02:14 - 2017-11-17 08:28 - 000027648 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qico.dll 2016-09-25 02:15 - 2017-11-17 08:28 - 000245760 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qjpeg.dll 2016-09-25 04:36 - 2017-11-17 08:28 - 000021504 _____ (The Qt 
Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qsvg.dll 2016-09-25 04:35 - 2017-11-17 08:29 - 000255488 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\Qt5Svg.dll 2016-09-25 04:36 - 2017-11-17 08:28 - 000020992 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qtga.dll 2016-09-25 04:36 - 2017-11-17 08:28 - 000316416 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qtiff.dll 2016-09-25 04:36 - 2017-11-17 08:28 - 000019968 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qwbmp.dll 2016-09-25 04:37 - 2017-11-17 08:28 - 000322560 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qwebp.dll 2018-11-29 15:19 - 2018-11-29 15:19 - 000774656 _____ () [File not signed] C:\Users\DELL\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll 2018-11-29 15:19 - 2018-11-29 15:19 - 003149824 _____ () [File not signed] C:\Users\DELL\AppData\Local\Facebook\Games\libglesv2.dll 2018-11-29 15:19 - 2018-11-29 15:19 - 000078848 _____ () [File not signed] C:\Users\DELL\AppData\Local\Facebook\Games\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-10-30 02:24 - 2017-06-22 10:19 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts 2018-01-13 08:38 - 2018-01-13 08:43 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3511704432-3804236698-2093085827-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\DELL\Pictures\La Guajira 2018\Camara\IMG_5662.JPG DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{9FC4A0A1-7F3A-481C-9A64-589420028DC0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) FirewallRules: [{2FFF508F-26FA-436C-99F4-65D0C10AFD0D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.104.41048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{031B50B3-2E4B-49E6-8E21-A634D3880917}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.104.41048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{A9B215D5-230D-40EF-88CC-3666401B6909}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.104.41048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) 
FirewallRules: [{98A3C082-6713-4AA1-951E-425E4B762EB2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.104.41048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{70788D46-2446-441F-B378-8F638BCE008C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.104.41048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{560D8195-D8DF-4C26-A5FD-FB226F33F35E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.104.41048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{94F19ED0-68EB-4E33-BB55-56FD43741E77}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.104.41048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{B3DBE0C7-A7DC-438E-98E3-C43366A0A20D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.104.41048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{CECF88E3-1EDB-47C6-AB21-FE18DF9AB548}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS39A1\HPDiagnosticCoreUI.exe No File FirewallRules: [{B5B5131C-92EF-4BE8-AFFA-8DCD8923B7BC}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS39A1\HPDiagnosticCoreUI.exe No File FirewallRules: [{DB0E3B96-EC5F-4DA0-8AED-309B8C76503A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{AABAA190-A2D6-4A49-A45F-157DCD676537}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{60E008BE-417A-4A12-8EE0-7ABD7DA04B24}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{9FE645A3-3260-4473-AFA3-53DA72C6841F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [UDP Query User{701CAA80-BB4B-47F2-84DB-25A2A7A5C050}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files 
(x86)\ares\ares.exe (AresGalaxy) [File not signed] FirewallRules: [TCP Query User{C2175E23-46FE-4034-A2C7-C5CB1A21AF64}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe (AresGalaxy) [File not signed] FirewallRules: [{D7AFD5FF-FD2A-41B0-82F1-618958ECE1D3}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS5B2D\HPDiagnosticCoreUI.exe No File FirewallRules: [{4B9CA6A7-A2C3-4843-9986-3CFEDD5F8C44}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS5B2D\HPDiagnosticCoreUI.exe No File FirewallRules: [{39A7F72A-2446-40BD-BCAA-4EFDBE96EDDB}] => (Allow) C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.) FirewallRules: [{92A67AF2-3F74-442F-9604-19FE88A799EF}] => (Allow) LPort=5357 FirewallRules: [{DD1E4E98-0FDE-4703-80F4-A88840233812}] => (Allow) C:\Program Files\HP\HP DeskJet 3630 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.) FirewallRules: [{6FECB566-21C7-4E92-B045-C5FCBC3F6194}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS5B2D\HPDiagnosticCoreUI.exe No File FirewallRules: [{DB1F61A8-EBAB-4280-830E-B26E99BBA67A}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS5B2D\HPDiagnosticCoreUI.exe No File FirewallRules: [{8F518C31-8AB6-4CEC-AA09-43F2DA6C1BD5}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS5A5C\HPDiagnosticCoreUI.exe No File FirewallRules: [{CDFB2EC4-2EB0-472E-8208-4F23E5C00570}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS5A5C\HPDiagnosticCoreUI.exe No File FirewallRules: [{D4483908-D2A1-48CD-ADF4-CC6EC3CEE50D}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS58D1\HPDiagnosticCoreUI.exe No File FirewallRules: [{2A89AEAF-1892-4866-939F-F3424E592AFA}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS58D1\HPDiagnosticCoreUI.exe No File FirewallRules: [{01CDF666-9F7D-4B6C-ACC1-A798A55C9604}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe No File FirewallRules: [{778DD037-5C05-48BD-BA7E-4898053A9D1F}] => (Allow) C:\Program Files\Microsoft Office 
15\root\Office15\Lync.exe No File FirewallRules: [{7FEB9B63-3279-47D9-AC75-833282F6465E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{ECFC4119-6816-4746-A0CD-715EEB3305B4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{2918F208-8CCE-4333-9696-40123E656FC6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{71B144E9-9793-43F3-98B4-BE85DAC2CF36}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [UDP Query User{41DCBFAB-A508-428A-95DF-71BDC3EEC23C}C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe No File FirewallRules: [TCP Query User{AA082141-8A3B-4E4C-8A3C-5141A72FDC29}C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe No File FirewallRules: [UDP Query User{C1460185-9529-40A3-8A23-7859A41D1A71}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{5D23D017-24E2-465C-9B19-AD0D64A28EBA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{4BA0B39C-AFCB-4498-92DC-CD001C5AF720}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS215E\HPDiagnosticCoreUI.exe No File FirewallRules: [{D09C92F3-7D92-4729-9362-6509AD330C33}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS215E\HPDiagnosticCoreUI.exe No File FirewallRules: [{98CF3584-A9B4-440F-A241-FCABE8ED333E}] => (Allow) 
C:\Users\DELL\AppData\Local\Temp\7zS20DE\HPDiagnosticCoreUI.exe No File FirewallRules: [{4202B14D-04AD-40C5-B2DE-987DBB618F69}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS20DE\HPDiagnosticCoreUI.exe No File FirewallRules: [{BCD7E470-4C0D-4A54-A824-B2C7C078A7BF}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS1F81\HPDiagnosticCoreUI.exe No File FirewallRules: [{1BDB997F-9871-41D2-A870-91D8137BB5F0}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS1F81\HPDiagnosticCoreUI.exe No File FirewallRules: [{3011E5FA-D30B-4BE8-AB26-A9D76CB4A042}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS7B00\HPDiagnosticCoreUI.exe No File FirewallRules: [{4BAD5E67-902B-406F-BF46-5307DE7983FF}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS7B00\HPDiagnosticCoreUI.exe No File FirewallRules: [{6232AD98-4C19-42A2-B8E5-0DBF2B3697C8}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS777B\HPDiagnosticCoreUI.exe No File FirewallRules: [{B2B38465-B910-4BA4-B435-20AE1D46F967}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS777B\HPDiagnosticCoreUI.exe No File FirewallRules: [UDP Query User{BE27901E-ABD5-44AE-88C8-30BDDE854CDB}C:\program files (x86)\ares\chatserver.exe] => (Block) C:\program files (x86)\ares\chatserver.exe (Ares Development Group) [File not signed] FirewallRules: [TCP Query User{4F0AC60F-0BAC-42B4-A7D1-975A44730BD6}C:\program files (x86)\ares\chatserver.exe] => (Block) C:\program files (x86)\ares\chatserver.exe (Ares Development Group) [File not signed] FirewallRules: [UDP Query User{36F4D9CF-66D0-43BD-9814-6E2044EF911E}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe (AresGalaxy) [File not signed] FirewallRules: [TCP Query User{A124E077-EB35-4B07-9D81-BA09288BE57E}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe (AresGalaxy) [File not signed] FirewallRules: [{FDC5A0C6-4E1B-4BAF-97A7-819D832E6D23}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS5D27\HPDiagnosticCoreUI.exe No File FirewallRules: 
[{675526C7-C713-4E85-94B1-156B90E7384E}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS5D27\HPDiagnosticCoreUI.exe No File FirewallRules: [{EB658875-0340-4BAC-883A-E479CA192D16}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{C51E8AF4-A6AB-4077-B778-672000987A80}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{DE3D975F-537B-4403-BB56-29DDC1646438}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{26C22D69-5CA5-4DD1-BEF4-FC6FF4910FD8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{23F4993A-A816-4FD9-B4AA-6B0314E1B0FF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{225966B9-E033-44BF-A554-6E3E03B72AFD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{C1237109-22A0-41DD-8719-2F7FC01A1B86}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{9555777D-E88A-4F45-B7C6-B33AE68142B1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe No File FirewallRules: [{523C4F9C-41CC-4EC9-96B2-4A54E0B81D77}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe No File FirewallRules: [{955AB0F5-4ECE-4C02-AE35-922D629B68CB}] => (Allow) C:\Windows\KMS-R@1n.exe () [File not signed] FirewallRules: [{126612AF-FCD5-4DA6-92DC-DED8AB1EE49A}] => (Allow) C:\Windows\KMS-R@1n.exe () [File not signed] FirewallRules: [{9612A867-217A-41E9-B6BB-F4B292F00EE5}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS3465\HPDiagnosticCoreUI.exe No File FirewallRules: [{9B64F92E-3247-4CA1-ADBC-01AE0B3A8A31}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS3465\HPDiagnosticCoreUI.exe No File FirewallRules: [{08B81177-F7B2-4558-9E57-0CBF6A50CB80}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS774B\HPDiagnosticCoreUI.exe No File FirewallRules: [{390938D1-8854-4AE6-B111-4AFFE59E50CC}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS774B\HPDiagnosticCoreUI.exe No File FirewallRules: [{1DE75621-2D49-4E81-915A-D4C1D2BF2DF4}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS595A\HPDiagnosticCoreUI.exe No File FirewallRules: [{1BE77B3F-0AB4-478C-87ED-4F2CEFF68CAA}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS595A\HPDiagnosticCoreUI.exe No File FirewallRules: [{D98D61B1-6881-4469-A6B7-2F1C38C168F2}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS4857\HPDiagnosticCoreUI.exe No File FirewallRules: [{7B7DE617-3786-4DC5-B3A2-07B859BA5E76}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS4857\HPDiagnosticCoreUI.exe No File FirewallRules: [{AA203171-BAE4-47CE-8F9A-38172589BF7C}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS7EA9\HPDiagnosticCoreUI.exe No File FirewallRules: [{31B04526-4E49-4F31-9A0D-893A90CBCA6B}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS7EA9\HPDiagnosticCoreUI.exe No File FirewallRules: [{B95889EB-74E2-4167-8041-A183E429CEBF}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple 
Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{FC0D6E12-12DD-4F94-8EE6-E599F3ABBD4A}] => (Allow) LPort=1688 FirewallRules: [{B7388DDE-BC3A-41F6-A3C1-2CB3D72AFE95}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe (@ByELDI -> @ByELDI) [File not signed] FirewallRules: [{CC57C458-54AB-4A36-AF4F-0C18BFF85030}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe (@ByELDI -> @ByELDI) [File not signed] FirewallRules: [{08498AFB-A769-46FA-9DDF-5A779A4DC88B}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe (@ByELDI -> @ByELDI) [File not signed] FirewallRules: [{12AC138F-4802-4E69-8480-6125518DE895}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe (@ByELDI -> @ByELDI) [File not signed] FirewallRules: [{24B2E653-5792-4F6F-837E-D64BFB467AFB}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{2D378455-526C-4D3F-9DC9-2A9C3CE30FC4}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS7A81\HPDiagnosticCoreUI.exe No File FirewallRules: [{30754512-94DF-4C71-9090-B823C7D98B95}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS7A81\HPDiagnosticCoreUI.exe No File FirewallRules: [{9C074422-5E9A-4DCB-82D4-12CA0134E0DD}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS10F6\HPDiagnosticCoreUI.exe No File FirewallRules: [{BD6458FB-7D8E-4740-858D-33B3F81CB22D}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS10F6\HPDiagnosticCoreUI.exe No File FirewallRules: [{E0802042-A0B8-4106-9D40-A2AC00C7D846}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS5CE5\HPDiagnosticCoreUI.exe No File FirewallRules: [{33EE7D62-3F03-4AF4-A968-671001448002}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS5CE5\HPDiagnosticCoreUI.exe No File FirewallRules: [{938CFC84-B3B4-43A7-A2AD-EE52395093B4}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS54B6\HPDiagnosticCoreUI.exe No File FirewallRules: [{BD4B7AC0-ABA2-4DDD-A85B-EB8C3B111DB8}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS54B6\HPDiagnosticCoreUI.exe No File FirewallRules: 
[{C5DB66D1-84EA-48B2-A6A5-D057828CA978}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS4C63\HPDiagnosticCoreUI.exe No File FirewallRules: [{97B79FC7-2F3F-4B95-ADAB-89A62AC7295A}] => (Allow) C:\Users\DELL\AppData\Local\Temp\7zS4C63\HPDiagnosticCoreUI.exe No File ==================== Restore Points ========================= 09-04-2019 16:07:05 Windows Update 23-04-2019 08:56:20 Punto de control programado ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/26/2019 12:09:19 PM) (Source: ESENT) (EventID: 454) (User: ) Description: taskhostw (14912,R,98) WebCacheLocal: Error inesperado al recuperar o restaurar la base de datos -1032. Error: (04/26/2019 12:09:19 PM) (Source: ESENT) (EventID: 413) (User: ) Description: taskhostw (14912,R,98) WebCacheLocal: No se puede crear un nuevo archivo de registro, la base de datos no puede escribir en la unidad de registro. Puede que la unidad sea de sólo lectura, no tenga espacio disponible, esté incorrectamente configurada o esté dañada. Error -1032. Error: (04/26/2019 12:09:19 PM) (Source: ESENT) (EventID: 490) (User: ) Description: taskhostw (14912,R,98) WebCacheLocal: Al intentar abrir el archivo "C:\Users\DELL\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log" para acceso de lectura y escritura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8). Error: (04/26/2019 12:09:05 PM) (Source: ESENT) (EventID: 490) (User: ) Description: taskhostw (14912,R,98) WebCacheLocal: Al intentar abrir el archivo "C:\Users\DELL\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de lectura y escritura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". 
La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8). Error: (04/26/2019 08:04:11 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1860 Error: (04/26/2019 08:04:11 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1860 Error: (04/26/2019 08:04:11 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/23/2019 08:39:34 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 23 D.7.2.E.1.7.2.E.C.3.1.B.3.B.4.7.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR DESKTOP-7GI5RNV.local. System errors: ============= Error: (04/27/2019 09:28:13 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-7GI5RNV) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} y APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} al usuario DESKTOP-7GI5RNV\BAQANZ con SID (S-1-5-21-3511704432-3804236698-2093085827-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. 
Error: (04/27/2019 09:05:32 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-7GI5RNV) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} y APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} al usuario DESKTOP-7GI5RNV\BAQANZ con SID (S-1-5-21-3511704432-3804236698-2093085827-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (04/27/2019 09:00:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID Windows.SecurityCenter.SecurityAppBroker y APPID No disponible al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (04/27/2019 09:00:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID Windows.SecurityCenter.WscBrokerManager y APPID No disponible al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. 
Error: (04/27/2019 08:58:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} y APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (04/27/2019 08:58:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} y APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (04/27/2019 08:57:06 AM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY) Description: El controlador de dispositivo para el Módulo de plataforma segura (TPM) encontró en el hardware de TPM un error irrecuperable que impide que se usen los servicios de TPM (como el cifrado de datos). Para obtener más ayuda, póngase en contacto con el fabricante del equipo. Error: (04/27/2019 08:56:12 AM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: El servicio Malwarebytes Service no se cerró correctamente después de recibir un control de aviso de apagado. Windows Defender: =================================== Date: 2019-04-27 09:06:33.991 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. 
Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0 Nombre: HackTool:Win32/AutoKMS Id.: 2147685180 Gravedad: Alta Categoría: Herramienta Ruta de acceso: file:_C:\Windows\Temp\SppExtComObjHook.dll Origen de detección: Equipo local Tipo de detección: Concreto Fuente de detección: Protección en tiempo real Usuario: DESKTOP-7GI5RNV\BAQANZ Nombre de proceso: C:\Program Files\CCleaner\CCleaner64.exe Versión de firma: AV: 1.293.243.0, AS: 1.293.243.0, NIS: 1.293.243.0 Versión de motor: AM: 1.1.15900.4, NIS: 1.1.15900.4 Date: 2019-04-27 09:04:49.629 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0 Nombre: HackTool:Win32/AutoKMS Id.: 2147685180 Gravedad: Alta Categoría: Herramienta Ruta de acceso: file:_C:\Windows\Temp\SppExtComObjHook.dll Origen de detección: Equipo local Tipo de detección: Concreto Fuente de detección: Protección en tiempo real Usuario: DESKTOP-7GI5RNV\BAQANZ Nombre de proceso: C:\Program Files\CCleaner\CCleaner64.exe Versión de firma: AV: 1.293.243.0, AS: 1.293.243.0, NIS: 1.293.243.0 Versión de motor: AM: 1.1.15900.4, NIS: 1.1.15900.4 Date: 2019-04-27 09:04:39.206 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. 
Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0 Nombre: HackTool:Win32/AutoKMS Id.: 2147685180 Gravedad: Alta Categoría: Herramienta Ruta de acceso: file:_C:\Windows\Temp\SppExtComObjHook.dll Origen de detección: Equipo local Tipo de detección: Concreto Fuente de detección: Protección en tiempo real Usuario: NT AUTHORITY\SYSTEM Nombre de proceso: C:\Windows\AutoKMS\AutoKMS.exe Versión de firma: AV: 1.293.243.0, AS: 1.293.243.0, NIS: 1.293.243.0 Versión de motor: AM: 1.1.15900.4, NIS: 1.1.15900.4 Date: 2019-04-26 09:54:57.811 Description: El examen de Antivirus de Windows Defender se detuvo antes de completarse. Id. de examen: {158F7CAF-EEF3-490B-8D53-500DC8EFB8FE} Tipo de examen: Antimalware Parámetros de examen: Examen rápido Usuario: NT AUTHORITY\SYSTEM Date: 2019-04-26 09:49:45.265 Description: El examen de Antivirus de Windows Defender se detuvo antes de completarse. Id. de examen: {1418DDE5-B78F-497F-9A4C-B98421CC7F5A} Tipo de examen: Antimalware Parámetros de examen: Examen rápido Usuario: NT AUTHORITY\SYSTEM Date: 2019-04-23 09:14:21.297 Description: Antivirus de Windows Defender encontró un error al intentar actualizar las firmas. Nueva versión de firma: 1.293.20.0 Versión de firma anterior: 1.291.2476.0 Origen de actualización: Usuario Tipo de firma: AntiSpyware Tipo de actualización: Diferencia Usuario: NT AUTHORITY\SYSTEM Versión de motor actual: 1.1.15900.4 Versión de motor anterior: 1.1.15900.4 Código de error: 0x80070666 Descripción del error: Ya está instalada otra versión de este producto. La instalación de esta versión no puede continuar. Para configurar o quitar la versión existente de este producto, use Agregar o quitar programas del Panel de control. Date: 2019-04-23 09:14:21.297 Description: Antivirus de Windows Defender encontró un error al intentar actualizar las firmas. 
Nueva versión de firma: 1.293.20.0
Versión de firma anterior: 1.291.2476.0
Origen de actualización: Usuario
Tipo de firma: AntiVirus
Tipo de actualización: Diferencia
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 1.1.15900.4
Versión de motor anterior: 1.1.15900.4
Código de error: 0x80070666
Descripción del error: Ya está instalada otra versión de este producto. La instalación de esta versión no puede continuar. Para configurar o quitar la versión existente de este producto, use Agregar o quitar programas del Panel de control.

Date: 2019-04-23 08:39:26.615
Description: Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 1.293.20.0
Versión de firma anterior: 1.291.2476.0
Origen de actualización: Usuario
Tipo de firma: AntiSpyware
Tipo de actualización: Diferencia
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 1.1.15900.4
Versión de motor anterior: 1.1.15900.4
Código de error: 0x80070666
Descripción del error: Ya está instalada otra versión de este producto. La instalación de esta versión no puede continuar. Para configurar o quitar la versión existente de este producto, use Agregar o quitar programas del Panel de control.

Date: 2019-04-23 08:39:26.615
Description: Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 1.293.20.0
Versión de firma anterior: 1.291.2476.0
Origen de actualización: Usuario
Tipo de firma: AntiVirus
Tipo de actualización: Diferencia
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 1.1.15900.4
Versión de motor anterior: 1.1.15900.4
Código de error: 0x80070666
Descripción del error: Ya está instalada otra versión de este producto. La instalación de esta versión no puede continuar. Para configurar o quitar la versión existente de este producto, use Agregar o quitar programas del Panel de control.

Date: 2019-04-21 20:26:13.878
Description: Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.291.2143.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual:
Versión de motor anterior: 1.1.15800.1
Código de error: 0x80240016
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico.

CodeIntegrity:
===================================

Date: 2019-04-26 12:57:31.081
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-26 12:57:31.078
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-26 12:57:31.073
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-26 12:57:31.051
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-26 12:57:31.029
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-26 12:57:31.011
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-26 12:57:30.921
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-26 12:57:30.918
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Dell Inc. 1.2.1 06/08/2016
Motherboard: Dell Inc. 0WTXH9
Processor: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 52%
Total physical RAM: 7891.52 MB
Available physical RAM: 3738.1 MB
Total Virtual: 11891.52 MB
Available Virtual: 6924.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.54 GB) (Free:824.68 GB) NTFS

\\?\Volume{3e118884-0000-0000-0000-100000000000}\ (Reservado para el sistema) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{3e118884-0000-0000-0000-c0c1e8000000}\ () (Fixed) (Total:0.48 GB) (Free:0.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 3E118884)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=495 MB) - (Type=27)

==================== End of Addition.txt ============================